Между буквой и духом законов: как международной компании защитить ПДн клиентов и избежать санкций

Большинство международных компаний ходит по тонкому льду — когда твои сотрудники и пользователи разбросаны по всему миру, хранение и обработка их персональных данных становится сложной юридической проблемой. Если пытаться досконально вникнуть в законы сразу всех стран, можно превратиться в юридическую контору. С другой стороны, повсюду есть надзорные органы, которые грозят санкциями за любые нарушения. Чтобы избежать претензий, не навредить пользователям и обеспечить стабильное развитие бизнеса, недостаточно изучать нормативную базу. Желательно также знакомиться с реальным опытом разных компаний, особенно из числа тех, для кого работа с ПДн имеет первостепенное значение. Мы побеседовали с экспертами из соцсети ReLife, пользователи которой проживают в более 70 странах мира. Они рассказали, на что в первую очередь обращают внимание, на какие законы ориентируются, с какими рисками и «подводными камнями» сталкиваются и как их обходят. Вместе мы сравнили американское, европейское и российское законодательство по охране ПДн и делимся практическими рекомендациями по его соблюдению.

https://habr.com/ru/companies/bastion/articles/788114/

#пдн #законодательство #законодательство_в_it #gdpr #ADPPA #152фз #правовое_регулирование #персональные_данные

Whew! Another overflowing California Privacy Protection Agency (open) board meeting today. Discussion and updates on everything from assessments and definitions to legislation, rules, enforcement, and more – so good to see #CPPA continue its progress toward protecting consumer privacy in California!

Exhibit A: check out the newly launched online 'File a Complaint' form and FAQ 🔏 🙌

https://cppa.ca.gov/webapplications/complaint

#Privacy #Cybersecurity #California #CCPA #GDPR #ADPPA #PersonalData #DoNotSell

@J12t Big tech companies have been lobbying heavily to shape service provider language -- here's a good example from the #ADPPA consumer privacy legislation, where they successfully inserted some major loopholes. I doubt they were thinking specifically of ActivityPub federation when they were doing that but it certainly applies! At least potentially, we'd need to know more about their plans to know for sure 2/2

EDIT: oops, forgot the link https://www.protocol.com/newsletters/policy/cloud-enterprise-privacy

@tchambers

@onepict @histoftech

A regular reminder that Democrats, specifically West Coast Dems, not Republicans, blocked the best chance for a federal privacy law yet, the #ADPPA, which would have started to put the kibosh on this crap.

If you use #biometric means for #commercial purposes, not just a way for your employees to #authenticate to company devices/facilities, the #FTC is putting you on notice. Only 3 states (as of today) have #Biometric #Privacy #Laws in place - more than a dozen are working on #legislation now. The #ADPPA will have provisions for Biometric Privacy with regards to commercial use, but that's probably 12-18 months out (at least) from becoming a law. Check this article out. #Illinois isn't playing around: https://www.scmagazine.com/news/identity-and-access/ftc-to-crack-down-on-biometric-tec[…]GxNNIwwXOzak6aUeaAfVN26zQDToKa3VkfI6YAs3wvdfv-Woge99JpOxqlA

#PrivacyLaws #CyberSecurity #ThreatIntelligence #WatchYourAsses #BreachNotificationRule

Watching this hearing on #DataBrokers in US House Commerce Committee and already several mentions of needing to pass the #ADPPA already by members. #uspol #privacy #DataPrivacy
https://www.youtube.com/live/dVx-hObuS0Y

States banning software is dumb. States passing their own unique data privacy laws is also dumb. But Democrats controlled the last Congress, had a bipartisan national privacy bill (the #ADPPA) and the Democrats killed it. #uspol #DataPrivacy

This past week, I was quoted in the Daily Dot, in a great piece by Ben Brody about civil rights protections in last year’s comprehensive federal #privacy bill (aka #ADPPA).
https://www.dailydot.com/debug/civil-rights-data-privacy-congress/

I really wish reporters would call people out for quotes like this. It's just not true. #ADPPA is stronger than #CCPA in most respects, and where CCPA is stronger, it's marginal. CA gets way more authority under ADPPA.

Anyway, the article is here https://news.bloomberglaw.com/in-house-counsel/us-online-privacy-law-remains-elusive-as-tiktok-outrage-mounts

And the ADPPA / CCPA comparison chart is here https://techpolicy.press/evaluating-the-american-data-privacy-and-protection-act/

#Privacy

On Feb. 28 Governor Newsom, AG Bonta, and the #ccpa sent a join letter to Congress opposing the preemption language in HR 8152 #ADPPA

There is no doubt that strong federal #privacy legislation is needed, but it should not result in weaker protections for #California.

https://www.gov.ca.gov/2023/02/28/governor-newsom-attorney-general-bonta-and-cppa-file-letter-opposing-federal-privacy-preemption/

the only jobs Republicans don't care about are plaintiffs lawyers, apparently.

#Privacy #PrivateRightOfAction #ADPPA

Today's Nexus of Privacy News Roundup: state privacy legislation, grocery store loyalty cards, luxury surveillance from Meta ... and a boatload more!

https://privacy.thenexus.today/privacy-news-february-22/

Here's a short thread of highlights ...

@alng looks at proposed state #privacy laws based on #ADPPA, with quotes from @onekade and @CaitrionaFitz

https://www.politico.com/news/2023/02/22/statehouses-privacy-law-cybersecurity-00083775

The European Parliament's Committee on Civil Liberties, Justice and Home Affairs ("LIBE") released a draft resolution that does not look very kindly on the US attempt to support an adequacy determination under GDPR through an Executive Order. (It points out all the things it finds lacking in the US attempt at creating a new data privacy framework - no surprises here.) If this is indicative of the final outcome at the Commission (please, no wagering ;) ), Mr Schrems will be happy... and many of us will continue to work under the assumption that this is all going nowhere fast. Among the many failings noted: The US does not have a federal privacy law. #ADPPA was on the table in the last Congress. Are nudges from #POTUS at the #SOTU and from the #EU going to be sufficient to get the ball rolling again? Would any such law comprehensively address the outstanding concerns re: adequacy? Does failure to adopt such a law harm the global economic position of the US in the near term or in the long term? What other issues are raised by this development or by an eventual negative finding re: adequacy? #GDPR #adequacy #LIBE #DPF #dataprivacyframework #dataprivacy #privacy #data #personaldata #personaldataprotection #dataprotection #schremsii #schremsiii #EU #IAPP https://www.europarl.europa.eu/doceo/document/LIBE-RD-740749_EN.pdf

@sippey as #PrivacyFramework hovers on the verge of collapse and the #ADPPA is on life support, I'm 1000000% positive that this #GOP can lead us to federal #privacy law and #FISA reform to solve the intractable EU-US cross border data transfers issue that's plagued us since #Schrems went tilting at Facebook's windmills for the first time nearly a decade ago.

Obviously the USA needs a #GDPR, something like the #ADPPA maybe? In the meantime, #PermissionSlip by Consumer Reports has been working great for me and nuking data brokers that have scrounged up my data. Thanks to the #CCPA you don’t have to be a California resident to get results. But it’s all a bandaid to actual #DataRights for America. https://apps.apple.com/us/app/permission-slip-by-cr/id1591285074

⚠️New Report: Top US Data Brokers nightmarishly sell personal data of people including “highly sensitive mental health data on Americans including data on those with depression, attention disorder, insomnia, anxiety, ADHD, and bipolar disorder as well as data on ethnicity, age, gender, zip code, religion, children in the home, marital status, net worth, credit score, date of birth, and single parent status.” #DataRights #Privacy #ADPPA https://techpolicy.sanford.duke.edu/data-brokers-and-the-sale-of-americans-mental-health-data/

And it's not just Washington. There are dozens of other state privacy bills. In Congress, there's the Fourth Amendment Is Not For Sale Act, #ADPPA, #KOSA, and the upcoming #FISA reauth.

Leveraging the fediverse for legislative activism on privacy can have broad benefits.

Of course, the challenges of doing activism on Mastodon today are very real.

And this afternoon at 1:00 pm Pacific (4:00 pm Eastern), R Street Institute hosts a discussion on "the Future of Data Privacy and Security in the 118th Congress", with counsel from House Energy & Commerce, @Cam_Kerry Brandon J Pugh Alexandra Reeve Givens of @CenDemTech, moderated by Cristiano Lima. #ADPPA

https://rstreet.org/event/the-future-of-data-privacy-and-security-in-the-118th-congress

As usual, there are literally dozens more links in the full Nexus of Privacy Newsletter. Check it out at https://privacy.thenexus.today/privacy-news-january-26/

@femme_mal This is the federalist theory: that the statehouses can innovate while Washington gridlocks. Assuming this divided Congress will accomplish ZERO except scandal and controversy then there’s an argument to double-down on statehouses. The question then is what states will absorb which key elements of #ADPPA since it passed out of bipartisan committee last Congress.

@dmarti but would it really? Congress pegulating TikTok but giving a pass to other #SurveillanceCapitalism mechanism (by not passing anything or by passing something like #ADPPA that gives free rain to many surveillance capitalism business models) makes it clear that that surveillance capitailsm from US-based and US-funded companies is just fine!

@mekkaokereke a followup to your comment at https://hachyderm.io/@mekkaokereke/109620915830728313